General

  • Target

    772fa45757a013a313e433bd224a1147_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240526-3l1ktshc25

  • MD5

    772fa45757a013a313e433bd224a1147

  • SHA1

    7d0982c97106628da7bedda960725ba99c99080c

  • SHA256

    d0c55a35e1e92414c67c3f8f79c6e5c8736e6039cac4b13378c7abd3e87579b7

  • SHA512

    4ae6a7d8ace0f9d2ae6cdfb30d14a52d5310c10f3a44a888a2ab4ed1b24f0bfb394fa32786357db6adf73b6f1a6cf04350d13f1ac89926778dec6c292dd6e51d

  • SSDEEP

    49152:mN8KROOiLDFL4GTlLLii7a4HDEtoujA+Or/aiWeb1HAOzj:waD/TlfxxDEbjA+SSi3b1bj

Malware Config

Targets

    • Target

      NjRAT 0.7D/njRAT v0.7d/njRAT v0.7d.exe

    • Size

      2.1MB

    • MD5

      82797e8e4f73c21fbafe42c0f0a6af02

    • SHA1

      3a3c35c40b15969ea5c4ab466d5df56f3cfd60ed

    • SHA256

      903d1bf52ade4faa221f0b264f1ac2bc816ff82c21542fde9b03d650f85d5ec9

    • SHA512

      21a547080da7aafcd62e3fa588e80d99a3eec23a9bc70789a9402331b41a9996086061748b2ca9b3ad056fb44b585fc85aad7a98950bca543a0979d4aaf06c97

    • SSDEEP

      24576:/tNAFB4Uzr6UeRmmZg8ADHWsJuFfo5jYbYzHSG/UpnMUnFz3Y/l0FbKXjGHO/gF7:/Xw+Fb3HOYF2

    • Imminent RAT

      Remote-access trojan based on Imminent Monitor remote admin software.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            Count  ID
  Persistence           Boot or Logon Autostart Execution    1      T1547
  Persistence           Registry Run Keys / Startup Folder   1      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution    1      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder   1      T1547.001
  Defense Evasion       Virtualization/Sandbox Evasion       2      T1497
  Defense Evasion       Modify Registry                      1      T1112
  Discovery             Query Registry                       4      T1012
  Discovery             Virtualization/Sandbox Evasion       2      T1497
  Discovery             System Information Discovery         3      T1082
  Discovery             Remote System Discovery              1      T1018

Tasks